Last updated: 2020-03-19
Display Client Info.
wlan client
display wlan client ?
- ap # Specify an AP
- association # Display association client information
- frequency-band # Specify a frequency band
- mac-address # Specify a client by its MAC address
- service-template # Specify a service template
- status # Client status
- verbose # Detailed information
# Client by AP
display wlan client ap ap19
Total number of clients: 19
MAC address     User name  AP name  R  IP address    VLAN
????-????-????  N/A        ap19     3  172.16.1.127  1
....
# Client by SSID
display wlan client service-template 2
Total number of clients: 19
MAC address     User name  AP name  R  IP address    VLAN
????-????-????  N/A        ap19     3  172.16.1.127  1
....
# Client by MAC
display wlan client status [mac-address H-H-H]
Total number of clients: 91
MAC address Access time RSSI Rx/Tx rate Discard AP name RID
????-????-???? N/A N/A 26/19.5Mbps 0.00% ap34 1
wlan ap
display wlan ap statistics online-record
Time                 Manual AP  Auto AP  Total  Total delta
2020-03-16/15:59:21  37         0        37     0
...
display wlan ap all
Total number of APs: 40
Total number of connected APs: 37
Total number of connected manual APs: 37
Total number of connected auto APs: 0
Total number of connected common APs: 37
Total number of connected WTUs: 0
Total number of inside APs: 0
Maximum supported APs: 256
Remaining APs: 219
Total AP licenses: 40
Remaining AP licenses: 3
Sync AP licenses: 0
AP information
State : I = Idle, J = Join, JA = JoinAck, IL = ImageLoad
        C = Config, DC = DataCheck, R = Run, M = Master, B = Backup
AP name  APID  State  Model   Serial ID
ap1      1     R/M    WA5530  ?????
...
wlan statistics
display wlan statistics client [mac-address H-H-H]
MAC address : ????-????-????
AP name : ap9
Radio ID : 3
SSID : Oasis Staff
BSSID : 441a-fa32-cd11
RSSI : 21
Sent frames:
  Back ground : 1/46 (frames/bytes)
  Best effort : 103836/112765717 (frames/bytes)
  Video : 0/0 (frames/bytes)
  Voice : 4/736 (frames/bytes)
Received frames:
  Back ground : 0/0 (frames/bytes)
  Best effort : 68224/6888394 (frames/bytes)
  Video : 0/0 (frames/bytes)
  Voice : 0/0 (frames/bytes)
Discarded frames:
  Back ground : 0/0 (frames/bytes)
  Best effort : 0/0 (frames/bytes)
  Video : 0/0 (frames/bytes)
  Voice : 0/0 (frames/bytes)
logbuffer
reset logbuffer
display logbuffer
Portal
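Components
- Portal web server (usually combined with the portal authentication server)
- Portal authentication server
- AAA server (interacts with the access device (switch, router)) [RADIUS/LDAP]
Process
- Before authentication, all of the user's HTTP requests are redirected to the portal web server
- During authentication, interaction with the portal authentication server and the AAA server completes identity authentication/authorization/accounting
- After authentication succeeds, the user is allowed to access the authorized Internet resources
Lightweight portal and ordinary portal
Lightweight portal, also called OAuth authentication, exchanges authentication messages over HTTPS,
whereas ordinary portal performs authentication with UDP portal packets and RADIUS packets.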
Setting
local-user MyPortalUser class network
 password cipher ????
 access-limit 1024
 service-type portal
 authorization-attribute idle-cut 15
 authorization-attribute user-role network-operator
 description for portal
# class:
#   manage   Device management user
#   network  Network access user
portal user-logoff after-client-offline enable   # automatic logoff for wireless portal users
portal free-rule 1 destination ip 8.8.4.4 255.255.255.255 udp 53
portal free-rule 2 destination ip 8.8.8.8 255.255.255.255 udp 53
domain mydomain
 authorization-attribute session-timeout 60   # time limit: 1 hour
 accounting start-fail offline
 authorization-attribute idle-cut 15 1024   # cut off if traffic within 15 minutes is below 1024 bytes
 authentication portal local
 authorization portal local
 accounting portal local
portal web-server MyPortal
 url http://192.168.13.2/portal
 url-parameter ip source-address
 url-parameter mac source-mac
 url-parameter ssid ssid
 server-type imc   # the default portal web server type is iMC
portal local-web-server http
 default-logon-page defaultfile.zip
wlan service-template 3
 ssid test123
 vlan 13
 portal enable method direct   # enable portal authentication
 portal domain mydomain   # every portal user belongs to an authentication domain and is authenticated/authorized/accounted within it
 portal apply web-server MyPortal   # use "MyPortal"
 portal user-dhcp-only
 service-template enable
Portal Web
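- cmcc: the portal server type conforms to the China Mobile (CMCC) standard
- imc: the portal server type conforms to the iMC standard
- oauth: the portal web server type conforms to the Oasis platform standard
start-fail
domain mydomain
 accounting start-fail offline
...
"accounting start-fail": whether a user is allowed to access the network after the device fails to send the accounting-start request to the accounting server
offline: if accounting start fails for a user, the user is not allowed to stay online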
Checking
display domain
...
Domain: mydomain
  State: Active
  Portal authentication scheme: Local
  Portal authorization scheme: Local
  Portal accounting scheme: Local
  Default authentication scheme: Local
  Default authorization scheme: Local
  Default accounting scheme: Local
  Accounting start failure action: Offline
  Accounting update failure action: Online
  Accounting quota out action: Offline
  Service type: HSI
  Session time: Exclude idle time
  DHCPv6-follow-IPv6CP timeout: 60 seconds
  Authorization attributes:
    Idle cut: Disabled
    Session timeout: 60 minutes
    IGMP access limit: 4
    MLD access limit: 4
Default domain name: system
display portal web-server
Portal Web server: MyPortal
  Type : IMC
  URL : http://192.168.13.2/portal/
  URL parameters : ip=source-address
                   mac=source-mac
                   ssid=ssid
  VPN instance : Not configured
  Server detection : Interval: 5 s Attempts: 3 Action: log
  IPv4 status : Up
  IPv6 status : N/A
  Captive-bypass : Disabled
  If-match : Not configured
# check online user
display portal user count
Total number of users: 1
display portal user all
Total portal users: 0
OR
Total portal users: 1
Username: MyPortalUser
  AP name: ap27
  Radio ID: 1
  SSID: MySSID
  Portal server: N/A
  State: Online
  VPN instance: N/A
  MAC             IP              VLAN  Interface
  ????-????-????  192.168.13.101  13    WLAN-BSS1/0/184
  Authorization information:
    DHCP IP pool: N/A
    User profile: N/A
    Session group profile: N/A
    ACL number: N/A
    Inbound CAR: N/A
    Outbound CAR: N/A
# By Username
display portal user username MyPortalUser
# By IP
display portal user ip 192.168.13.101
display portal user all brief
IP address      Mac address     Online duration  Username
192.168.13.117  ????-????-????  00:51:25         MyPortalUser
display portal user all verbose
...
AAA:
  Realtime accounting interval: 0s, retry times: 1
  Idle cut: N/A
  Session duration: 3600 sec, remaining: 438 sec
  Remaining traffic: N/A
  Login time: 2020-03-27 11:43:59 UTC+8
  Online time(hh:mm:ss): 00:52:42
  DHCP IP pool: N/A
...
Flow statistic:
  Uplink packets/bytes: 88468/62991160
  Downlink packets/bytes: 125424/114578732
display portal auth-error-record all
Total authentication error records: 0
display portal auth-fail-record all
Total authentication fail records: 0
Force logoff
portal delete-user ?
X.X.X.X    Specify a portal user by the IPv4 address
all        All online portal users
auth-type  Specify an authentication type
interface  Portal users on an interface
ipv6       Specify a portal user by the IPv6 address
mac        Specify a MAC address
username   Specify a username
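Configure portal to allow only DHCP users to come online
system-view
wlan service-template 3
 portal user-dhcp-only
After this is configured, portal users whose IP address is statically configured cannot come online. This setting does not affect users who are already online.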
maximum number of portal users
By default, no limit is set on the number of portal users on an interface.
By default, no limit is set on the global number of portal users.
If you set the maximum number smaller than the current number of portal users on an interface,
this configuration still takes effect.
The online users are not affected but the system forbids new portal users to log in from the interface.
Setting the maximum number of portal users on an interface
1. Enter system view.
system-view
2. Enter Layer 3 interface view.
interface interface-type interface-number
3. Set the maximum number of portal users.
portal { ipv4-max-user | ipv6-max-user } max-number
Setting the global maximum number of portal users
1. Enter system view.
system-view
2. Set the global maximum number of portal users.
portal max-user max-number
If you set the global maximum number smaller than the number of current online portal users on the device,
this configuration still takes effect.
The online users are not affected but the system forbids new portal users to log in.
Other Setting
portal host-check enable
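Validity check for wireless portal clients.
By default, the wireless portal client validity check is disabled, and the device checks portal client validity against ARP entries only.
In a wireless network that uses local forwarding mode, the AC has no ARP entries for portal clients; to ensure that legitimate users can perform portal authentication, the wireless portal client validity check must be enabled.
When this feature is enabled, on receiving an authentication packet from an unauthenticated portal user the device checks its validity against the WLAN Snooping table, the DHCP Snooping table and the ARP table.
If the portal client's information is found in these three tables, the client is considered valid and is allowed to perform portal authentication.
The WLAN Snooping or DHCP Snooping entries can be viewed with the display ip source binding command.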
captive-bypass
Prevent automatic popup of the portal authentication page
By default, the captive-bypass feature is disabled.
---
The device automatically pushes the portal authentication page to iOS mobile devices and
some Android mobile devices when they are connected to a portal-enabled network.
---
The captive-bypass feature enables the device to push the portal authentication page to the iOS and
Android devices only when the users access the Internet by using a browser.
---
If the users do not perform authentication but press the home button to return to the desktop,
the Wi-Fi connection is terminated.
To maintain the Wi-Fi connection in such cases, you can enable the optimized captive-bypass feature.
---
Remark
Android has a captiveportallogin app that performs the portal detection.